diff --git a/README.md b/README.md
index f760f81..522ae5d 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,7 @@ See in [ruleset.yaml](ruleset.yaml) for an example.
     x-forwarded-for: none      # override X-Forwarded-For header or delete with none
     referer: none              # override Referer header or delete with none
     user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
+    content-security-policy: script-src 'self'; # override response header
     cookie: privacy=1
   regexRules:
     - match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
diff --git a/handlers/proxy.go b/handlers/proxy.go
index 8862492..28c0694 100644
--- a/handlers/proxy.go
+++ b/handlers/proxy.go
@@ -33,6 +33,8 @@ func ProxySite(c *fiber.Ctx) error {
 	}
 
 	c.Set("Content-Type", resp.Header.Get("Content-Type"))
+	c.Set("Content-Security-Policy", resp.Header.Get("Content-Security-Policy"))
+
 	return c.SendString(body)
 }
 
@@ -111,6 +113,10 @@ func fetchSite(urlpath string, queries map[string]string) (string, *http.Request
 		return "", nil, nil, err
 	}
 
+	if rule.Headers.CSP != "" {
+		resp.Header.Set("Content-Security-Policy", rule.Headers.CSP)
+	}
+
 	log.Print("rule", rule)
 	body := rewriteHtml(bodyB, u, rule)
 	return body, req, resp, nil
diff --git a/handlers/types.go b/handlers/types.go
index 5aca088..16e4c49 100644
--- a/handlers/types.go
+++ b/handlers/types.go
@@ -16,6 +16,7 @@ type Rule struct {
 		XForwardedFor string `yaml:"x-forwarded-for,omitempty"`
 		Referer       string `yaml:"referer,omitempty"`
 		Cookie        string `yaml:"cookie,omitempty"`
+		CSP           string `yaml:"content-security-policy,omitempty"`
 	} `yaml:"headers,omitempty"`
 	GoogleCache bool    `yaml:"googleCache,omitempty"`
 	RegexRules  []Regex `yaml:"regexRules"`
diff --git a/ruleset.yaml b/ruleset.yaml
index 1fe50e3..d1c1e9f 100644
--- a/ruleset.yaml
+++ b/ruleset.yaml
@@ -161,4 +161,5 @@
     referer: https://t.co/x?amp=1
     x-forwarded-for: none
     user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
+    content-security-policy: script-src 'self';
     cookie: 
\ No newline at end of file